Virus-writers are using increasingly complex and sophisticated techniques in their bid to circumvent anti-virus software and disseminate their viruses. Anti-virus software, though essential, cannot combat such threats alone; an email exploit detection tool is also necessary.
Why you need an email exploit
detection engine
The danger of email exploits
This white paper explains what email exploits are, provides examples of common email exploits, and discusses why a non signature-based approach (i.e., not a virus engine) is needed to protect against email exploits.
WWW.GFI.COM Why you need an email exploit detection engine . 2
Introduction Virus-writers are using increasingly complex and sophisticated techniques in their bid to circumvent anti-virus software and disseminate their viruses. A case in point was the notorious Nimda virus that used multiple methods to spread itself and was based on an exploit rather than on the virus/Trojan behavior that anti-virus products typically search for. Anti-virus software, though essential, cannot combat such threats alone; an email exploit detection tool is also necessary.
Introduction....................................................................................................................................2 What is an exploit? ........................................................................................................................2 Difference between anti-virus software and email exploit detection software...............................2 Exploit engine requires less updates.............................................................................................3 The Lessons of Nimda, BadTrans.B, Yaha and Bugbear .............................................................3 Other examples of exploits............................................................................................................4 The GFI MailSecurity exploit engine .............................................................................................4
What is an exploit? An exploit uses known vulnerabilities in applications or operating systems to execute a program or code. It "exploits" a feature of a program or the operating system for its own use, such as executing arbitrary machine code, read/write files on the hard disk, or gain illicit access.
What is an email exploit? An email exploit is an exploit launched via email. An email exploit is essentially an exploit that can be embedded in an email, and executed on the recipient's machine once the user either opens or receives the email. This allows the hacker to bypass most firewalls and anti-virus products.
Difference between anti-virus software and email exploit detection software Anti-virus software is designed to detect KNOWN malicious code. An email exploit engine takes a different approach: it analyses the code for exploits that COULD BE malicious. This means it can protect against new viruses, but most importantly against UNKNOWN viruses/malicious code. This is crucial as an unknown virus could be a one-off piece of code, developed specifically to break into your network.
Email exploit detection software analyzes emails for exploits - i.e., it scans for methods used to exploit the OS, email client or Internet Explorer - that can permit execution of code or a program on the user's system. It does not check whether the program is malicious or not. It
WWW.GFI.COM Why you need an email exploit detection engine . 3
simply assumes there is a security risk if an email is using an exploit in order to run a program or piece of code.
In this manner, an email exploit engine works like an intrusion detection system (IDS) for email. The email exploit engine might cause more false positives, but it adds a new layer of security that is not available in a normal anti-virus package, simply because it uses a totally different way of securing email.
Anti-virus engines do protect against some exploits but they do not check for all exploits or attacks. An exploit detection engine checks for all known exploits. Because the email exploit engine is optimized for finding exploits in email, it can therefore be more effective at this job than a general purpose anti-virus engine.
Exploit engine requires less updates An exploit engine needs to be updated less frequently than an anti-virus engine because it looks for a method rather than a specific virus. Although keeping exploit ... [download for more]
